000webhost hacked - 13 million passwords leaked

shorena

copper member

Activity: 1498

Merit: 1528

No I dont escrow anymore.

Quote from: Lauda on November 18, 2015, 04:42:48 AM

Quote from: shorena on November 18, 2015, 04:05:29 AM

Yes, but I can hardly grep for "Lauda's password". There are 232 lines with 'lauda' in it. There are also 5 people that use shorena as part of their password and 33 that contain 'shorena' in any context (mail, username or password), none of them are me. Thats what I meant with "badly formatted", but I also never expected you to share the password.

So that is what you meant. I understand now and you're right. Unless you exactly know my email address or something else that is specific, then you can't really tell which one might be me. For anyone that is affected they should just check that they aren't using the same password for anywhere else and there is no problem.

Yes, this should be done in general and the password should not be easy to guess like e.g. 000webhost or winter123 which is why Password managers are so great.

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

Quote from: shorena on November 18, 2015, 04:05:29 AM

Yes, but I can hardly grep for "Lauda's password". There are 232 lines with 'lauda' in it. There are also 5 people that use shorena as part of their password and 33 that contain 'shorena' in any context (mail, username or password), none of them are me. Thats what I meant with "badly formatted", but I also never expected you to share the password.

Ah, that is what you meant. I understand now and you're right. Unless you exactly know my email address or something else that is specific, then you can't really tell which one might be me. For anyone that is affected they should just check that they aren't using the same password for anywhere else and there is no problem.

Patatas

legendary

Activity: 1750

Merit: 1115

Providing AI/ChatGpt Services - PM!

That's some sad news.I had an account with webhost for personal stuff trying out my own website design and server side scripts.I did have some sensitive data but doesn't seem to be affected.I had saved my passwords of all crypto related stuff including my gambling website passwords.Nothing of mine seems to be leaked.All ready cleared my data though

Thanks!

shorena

copper member

Activity: 1498

Merit: 1528

No I dont escrow anymore.

Quote from: Lauda on November 17, 2015, 06:47:01 PM

Quote from: shorena on November 17, 2015, 04:42:06 PM

Its hard to find that one password among 15 million, so in a sense I already "know" I just cant access the knowledge because its badly formatted. Even though I started formatting and sorting the passwords (I dont care much about the other data) its still difficult to handle due to the size.

Badly formatted? What did you use to open the dump with? I thought it was Full name, email, password and it looked fine to me the last time I opened it.

Yes, but I can hardly grep for "Lauda's password". There are 232 lines with 'lauda' in it. There are also 5 people that use shorena as part of their password and 33 that contain 'shorena' in any context (mail, username or password), none of them are me. Thats what I meant with "badly formatted", but I also never expected you to share the password.

Parazyd

hero member

Activity: 812

Merit: 587

Space Lord

Quote from: Decoded on November 17, 2015, 08:42:47 PM

Damn, to think the day before, I deleted my account xD

I never liked their service anyway. The only good thing that they provided was a working ftp connection to net2ftp. That's it. After let's say, 20 views, your website will shut down for having taken up too much bandwidth. I use hourb, which is the best, but the only problem is that their ftp servers don't work unless you use their file manager.

Non-related to 000webhost. But, one really awesome host that can be yours (free for one year) is the Amazon EC2. You get root access, and you can do anything you wish with it.
It's really easy to manage, and really easy to use.

Decoded

legendary

Activity: 1232

Merit: 1030

give me your cryptos

Damn, to think the day before, I deleted my account xD

I never liked their service anyway. The only good thing that they provided was a working ftp connection to net2ftp. That's it. After let's say, 20 views, your website will shut down for having taken up too much bandwidth. I use hourb, which is the best, but the only problem is that their ftp servers don't work unless you use their file manager.

John (John K.)

legendary

Activity: 1288

Merit: 1227

Away on an extended break

Yep, I found my old account there. It's good that I used a password manager and had unique passwords though Cheesy

ryandanielt

sr. member

Activity: 267

Merit: 250

i guess thats why it was always the smartest thing to not use the same password for every site. I got i think 32 different passwords in my head I use lol

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

Quote from: shorena on November 17, 2015, 04:42:06 PM

Its hard to find that one password among 15 million, so in a sense I already "know" I just cant access the knowledge because its badly formatted. Even though I started formatting and sorting the passwords (I dont care much about the other data) its still difficult to handle due to the size.

Badly formatted? What did you use to open the dump with? I thought it was Full name, email, password and it looked fine to me the last time I opened it.

shorena

copper member

Activity: 1498

Merit: 1528

No I dont escrow anymore.

Quote from: Parazyd on November 17, 2015, 02:32:53 PM

Quote from: shorena on November 17, 2015, 02:28:53 PM

Quote from: Lauda on November 17, 2015, 02:23:50 PM

Quote from: Parazyd on November 17, 2015, 12:32:14 PM

It's a legit dump nevertheless... I found my account inside Undecided

Yes, legit. I verified.

Just curious, what was your password?

Wouldn't you like to know? Cheesy

You can PM me, I'll give you the dump.

Already got it, thanks.

Its hard to find that one password among 15 million, so in a sense I already "know" I just cant access the knowledge because its badly formatted. Even though I started formatting and sorting the passwords (I dont care much about the other data) its still difficult to handle due to the size.

Parazyd

hero member

Activity: 812

Merit: 587

Space Lord

Quote from: shorena on November 17, 2015, 02:28:53 PM

Quote from: Lauda on November 17, 2015, 02:23:50 PM

Quote from: Parazyd on November 17, 2015, 12:32:14 PM

It's a legit dump nevertheless... I found my account inside Undecided

Yes, legit. I verified.

Just curious, what was your password?

Wouldn't you like to know? Cheesy

You can PM me, I'll give you the dump.

shorena

copper member

Activity: 1498

Merit: 1528

No I dont escrow anymore.

Quote from: Lauda on November 17, 2015, 02:23:50 PM

Quote from: Parazyd on November 17, 2015, 12:32:14 PM

It's a legit dump nevertheless... I found my account inside Undecided

Yes, legit. I verified.

Just curious, what was your password?

Quote from: Lauda on November 17, 2015, 02:23:50 PM

-snip-
They always say "more security" until someone leaks the next set of unencrypted data.

The way they handled the person reporting them the leak speaks volumes. They probably run other hosting companies as well, they did some cross promotions on facebook.

Quote from: Lauda on November 17, 2015, 02:23:50 PM

-snip-
Interesting "hard-to-crack" passwords indeed.
-snip-

do grep correcthorsebatterystaple

Some of the passwords are actually good though, they look random and have a decent length. Others however... Passw0rd, abc123, lots of keyboard walking.

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

Quote from: Parazyd on November 17, 2015, 12:32:14 PM

It's a legit dump nevertheless... I found my account inside Undecided

Yes, legit. I verified.

Quote from: Parazyd on November 17, 2015, 11:29:25 AM

Did you find mine? A fucking 6char password... Damn I was an idiot back then. I think it was 2010. or something.

Not really. As said, I just looked through it I was not looking for anything particular and have already removed the file. Interesting "hard-to-crack" passwords indeed.

Quote from: Flash1997 on November 17, 2015, 12:44:35 PM

This had been happen some week ago but now they are back online, with more security.

They always say "more security" until someone leaks the next set of unencrypted data.

Lt.Bitcoin

member

Activity: 91

Merit: 10

On the mission to earn 100 BTC

Quote from: Flash1997 on November 17, 2015, 12:44:35 PM

This had been happen some week ago but now they are back online, with more security.

Hello Flash1997,

I opened their website and i think now no one will be going to create an account their. The site doesn't provide any proof that our passwords are secured with them. They should be checked and verified by some group of users whom we can trust at all.

Hope to see them back in business soon, I had an account pwned! Tongue

Lt.Bitcoin

Flash1997

full member

Activity: 183

Merit: 100

This had been happen some week ago but now they are back online, with more security.

Parazyd

hero member

Activity: 812

Merit: 587

Space Lord

Quote from: Spoetnik on November 17, 2015, 11:51:08 AM

Quote from: Parazyd on November 17, 2015, 10:54:29 AM

I have a copy of the dump. All the passwords are plaintext Grin

You see how dumb people actually are with their passwords...

What do I do with it now?

brag to your friends about having them LOL

edit:
Ahh i see the pwned site now.
Yeah i have been there before with another hacker story i seen at Neowin.net News site.
It's legit i think.
And no i was not on the list of pwned guys but i will see again now hahhaha
i thought it was just for that one incident long ago.. not multiple hacks etc.

edit:
Nope.
I checked all the accounts i use ..i was not on any list Cool

I didn't think i would be..

It's a legit dump nevertheless... I found my account inside Undecided

Spoetnik

legendary

Activity: 1540

Merit: 1011

FUD Philanthropist™

Quote from: Parazyd on November 17, 2015, 10:54:29 AM

I have a copy of the dump. All the passwords are plaintext Grin

You see how dumb people actually are with their passwords...

What do I do with it now?

brag to your friends about having them LOL

edit:
Ahh i see the pwned site now.
Yeah i have been there before with another hacker story i seen at Neowin.net News site.
It's legit i think.
And no i was not on the list of pwned guys but i will see again now hahhaha
i thought it was just for that one incident long ago.. not multiple hacks etc.

edit:
Nope.
I checked all the accounts i use ..i was not on any list Cool

I didn't think i would be..

Parazyd

hero member

Activity: 812

Merit: 587

Space Lord

Quote from: Lauda on November 17, 2015, 11:12:37 AM

Quote from: Parazyd on November 17, 2015, 10:54:29 AM

I have a copy of the dump. All the passwords are plaintext Grin

You see how dumb people actually are with their passwords...

What do I do with it now?

Well you can't generalize either. There are people that have created their accounts in the past for testing (or other reasons) and have not deleted them. However, you are also right. I have quickly looked through that list as well.

Did you find mine? A fucking 6char password... Damn I was an idiot back then. I think it was 2010. or something.

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

Quote from: Parazyd on November 17, 2015, 10:54:29 AM

I have a copy of the dump. All the passwords are plaintext Grin

You see how dumb people actually are with their passwords...

What do I do with it now?

Well you can't generalize either. There are people that have created their accounts in the past for testing (or other reasons) and have not deleted them. However, you are also right. I have quickly looked through that list as well.

Parazyd

hero member

Activity: 812

Merit: 587

Space Lord

I have a copy of the dump. All the passwords are plaintext Grin

You see how dumb people actually are with their passwords...

What do I do with it now?

Topic: 000webhost hacked - 13 million passwords leaked (Read 2039 times)